Report: Companies Must Adopt A Whole-View Approach To Privacy
CAMBRIDGE, MA–New wireless technologies have sparked location-privacy issues, but
that’s only the beginning of a broader privacy revolution. According to “Surviving The
Privacy Revolution”, a new report from
Forrester Research, companies are facing mounting customer anxiety and a growing labyrinth
of US and foreign regulation. To survive, they must institutionalize their commitment to
protect and manage their customers’ privacy by taking a comprehensive, whole-view approach
to privacy.
“Anyone who thinks the privacy issue has peaked is greatly mistaken,” said Jay Stanley,
analyst at Forrester Research. “We are in the early stages of a sweeping change in
attitudes that will fuel years of political battles and put once-routine business
practices under the microscope.”
Forrester says wireless location-based services will increase the volatility of the privacy
debate because mobile devices extend the step-by-step tracking practices of the Internet
to the monitoring of individuals’ movements in the physical world. Only 6% of North
Americans have a high level of trust in how Web sites handle their personally identifiable
information (PII), and seven in eight express interest in legislation protecting Internet
privacy, according to the report.
The report goes on to say that existing legal protection of location-data privacy also falls
short, further heightening consumer security concerns. While carriers
tout support for federal regulation, they are pressing the FCC for a vague interpretation
of “opt-in” that lets them secure consent in the fine print of larger documents like
service agreements or on-screen “click-wrap” agreements. This obfuscation —
and the FCC’s likely partial support of it — only inflames consumers’ privacy fears,
the report says.
“Wireless is the next battle. Successive waves of new technology and the growing
complexity of privacy regulations will keep the privacy issue from going away,” added
Stanley. “Privacy will become the main countervailing force against the Information
Revolution and its radical effects on the free flow of data.”
Forrester says the whole-view approach to privacy should include the following steps:
- Firms must recognize privacy as a core business issue that, together with customer
relationship management (CRM) strategy, dictates how customers are treated. Then, firms
must conduct a top-to-bottom reassessment of their policies, practices, and exposure on
the privacy issue. - Companies must name a high-level person to orchestrate the effort to tackle the issue —
a chief privacy officer (CPO). The CPO should be accountable on privacy issues, have a
broad view on how the company operates, and have the clout to stop
dangerous activities. - Companies must then assemble an accurate and comprehensive picture of their existing
information practices. This is the most onerous step toward a systematic approach to
privacy. It requires a top-to-bottom assessment that reaches across divisions
and business partnerships to document fully what information is being captured, how it
is being used and secured, and how it complies with existing regulations. - Once a company has charted its current information flows and areas of exposure, the next
steps are to decide on a company-wide privacy policy, and implement processes to maintain
and enforce that policy on an ongoing basis. A company with a mediocre privacy policy is
part of the pack today, but companies that endure the rigor of a top-to-bottom privacy
transformation will increase their credibility across the board.
For the report, Forrester says it spoke with legal, academic, and industry experts on
the issue of consumer privacy, as well as 20 wireless application developers, content
providers, and carriers.